Hacking Finding the 3DS Common Key

It'll tell you, as opposed to just displaying some stats like it does normally.

And yes it's random, but like I said if you ran it for 50 years you'd still have a 99.99999999999999999999999443% chance of failure at the end of those 50 years counting all the keys tried.
Let's just simplify this by saying that even if every single 3DS/DSi user in the world would have a cool quad-core rig and run this program non-stop, we'd all be in our late 60-70 before it's half-way done.

Sounds about right.
 
Let's get, say, 1000 people to run it (that way it will only take 18.2621099 days).
 
Er, no?

It's 378,432,000,000 a year for a single person, so 378,432,000,000,000 for 1000 people per year.
50 years is 18,921,600,000,000,000 for 1000 people.

~5.560 * 10^(-23)

00.00000000000000000000556% chance of 1000 people succeeding after 50 years at my speed.
Opposed to...
00.00000000000000000000000556%
Which is one person doing it.

(In case simply increasing the fraction by three places wouldn't convince you.)
 
And the problem is it's random, so you can't count out the likely possibility of duplicate keys being tried - for any chance of success this needs to be made into a distributed application where the server hands the key ranges out to the clients to try.
 
Google says otherwise

http://lmgtfy.com/?q=1+year+divided+by+1000
 
... why are you dividing one year by 1000?

Like, where exactly does that fit into the equation?
Y'see there's this thing called not knowing math..
"if you ran it for 50 years you'd still have a 99.99999999999999999999999443% chance of failure"
That's not a 99.99999...% chance of success, that's a chance of failure. You might need to run for millions of years to for-sure find the correct key. Dividing 50 years by 1000 does not help that fact.
 
In any case, even if we do try to brute force it, who is going to verify all those attempted codes and how?

Brute forcing will just NOT work guys.
 
The brute force program will do that itself. Otherwise it would have to be done manually for each key which would take many orders of magnitude more years.
 
Short answer:
No, you can't brute force it.

Long answer:
Suppose the 3DS key is sixteen bytes long, just like the DSi. That would be 256^16 possible combinations, since each of the sixteen bytes can have 256 possible combinations. Multiply that with a calculator, and that's 340,282,366,920,938,463,463,374,607,431,768,211,456 combinations. Now for the sake of argument, let us suppose that every person in the world each has a quarter of a million dollars to spend on one of these devices, which can test 90,000,000,000 keys per second. Since the world's population is 6,840,507,003 according to Google, then that means we can test 615,645,630,270,000,000,000 keys per second. That would take us 552,724,408,636,999,296 seconds to test every key. Divide that by 60 seconds, and we need 9,212,073,477,283,321 minutes. Divide again by 60, and that would take 153,534,557,954,722 hours. Divide by 24 hours, and we have 6,397,273,248,113 days. Divide that by 365 days, and we have 17,526,776,022 years. The universe is scheduled to last another 4 billion years, since it is currently halfway through its lifespan. So in summary, we would need more than 4 times the time left in our universe.

Therefore, we come to the conclusion that it's NOT possible to brute-force the key...
 
You'd need more than 4 times the time left if the key was the last combination tried. It's more probable that you'd find it before then, because the chances get better over time. It's safer to say that people will have forgotten what a 3DS is and also the world may no longer exist by the time the key is found.

Either way, it's a pointless discussion, although it would be hilarious if you guys found the key tomorrow with that app.
 
As McHaggis points out, you are assuming it will be the last key found. The likeliness of that is very slim (in fact, the same likeliness as it being the first tried: 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456). Of course by the time you have tested 25% of the keys, there is a 25% chance you will have found it, and so on. By the time you have tested 90% of the keys, there is only a 10% chance you haven't found it yet. (Well, technically there is a 100% chance, seeing as if you found it, you would stop testing, but hopefully you know what I mean). My point is it is equally unlikely to be amongst the last keys as it is to be amongst the first.

Also, the universe is not "scheduled to last another 4 billion years". I think you are thinking of the sun. The sun is said to be about halfway through its life and have about 4.5 billion years left.

Oh, and just to clarify, I'm not saying it will be found by brute force, or encouraging the use of the brute forcer, but it "could" happen. It bugs me when people pull out these numbers and say it will take X amount of years to find the key, when in reality it should be it could take X amount of years, but it is highly unlikely to take quite that long. An accurate statement would be "After X amount of years of brute forcing, you are guaranteed to have the key, but it could take much less than that".
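
Added example, not part of any post in the thread: the arithmetic argued over above, computed for both a random-guess search (duplicates possible) and a partitioned search (a server hands out ranges). It assumes the 16-byte key and the 378,432,000,000 keys per machine per year quoted in the thread; the function names are illustrative.

```python
import math
from fractions import Fraction

KEYSPACE = 256 ** 16               # 16-byte key, as the thread supposes
SECONDS_PER_YEAR = 365 * 24 * 3600
RATE_PER_YEAR = 378_432_000_000    # one machine, figure quoted in the thread

def trials(machines, years, rate_per_year=RATE_PER_YEAR):
    """Total keys tested by `machines` running for `years`."""
    return machines * years * rate_per_year

def p_partitioned(k, n=KEYSPACE):
    """Success chance after k distinct keys (no key is tried twice)."""
    return Fraction(min(k, n), n)

def p_random(k, n=KEYSPACE):
    """Success chance after k independent random guesses, duplicates allowed.
    1 - (1 - 1/n)^k via log1p/expm1: the naive float form rounds to 0.0."""
    return -math.expm1(k * math.log1p(-1.0 / n))

def years_to_cover(fraction, machines, rate_per_year=RATE_PER_YEAR, n=KEYSPACE):
    """Years for a partitioned search to cover `fraction` of the keyspace."""
    return Fraction(n) * Fraction(fraction) / (machines * rate_per_year)

def report(machines, years):
    k = trials(machines, years)
    return {
        "keys_tried": k,
        "p_partitioned": float(p_partitioned(k)),
        "p_random": p_random(k),
        # half the keyspace is where the success chance reaches 50%
        "years_for_50pct": float(years_to_cover(Fraction(1, 2), machines)),
    }

if __name__ == "__main__":
    for machines in (1, 1000):
        print(machines, report(machines, 50))
    # The "every person owns a 90e9 keys/s device" scenario from the thread
    world_rate = 615_645_630_270_000_000_000 * SECONDS_PER_YEAR
    print("full sweep, years:", float(years_to_cover(1, 1, world_rate)))
```

At these scales the random and partitioned probabilities agree to many digits, and 1000 machines multiply the success chance by 1000 without bringing the 50% point anywhere near a human timescale.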
 
@ichichfly I think there's something wrong with your code:
1) contsha1 is different from the one calculated on the tmd file.
2) You're using the same decfirstbytes (first bytes of the decrypted content) as the dsi bruteforcer.
2.1) How can we know what the first bytes of the decrypted content are if we don't have it?
3) You're not using decfirstbytes at all, you're comparing the sha1 of the content decrypted with the current key with the contsha1, which is a part of the tmd. How do you know it's the sha1 of the decrypted content?

Hope I'm wrong and your program works.
P.S. Remove the secure mode, it only tests the keys starting with 1.
 
well we have the DSi key, wasn't that through bruteforce :P
no.


Well, 3) negates 2) and 2.1) - if decfirstbytes isn't used, it doesn't matter that he didn't change them from the DSi version, nor does it matter how one would find those bytes. The other stuff, I dunno.
 
how was the DSi key found?
Team Twiizers found it, either by RAM dumps or possibly poking around in memory using their DSi mode exploit (in Classic Word Games, the same exploit WinterMute later released). loopy also claimed to have found it earlier than that, but he said the first digit bit in the key was a 1, which IIRC it wasn't. I'm not sure if it was or not.
 
